June 3, 2022

Key Takeaways from the Open Source Software Security Summit II

Monica Maher, Vice President, Cyber Defense; Tim Douglas, Managing Director, SDLC & Runtime Production Engineering; Rob Underwood, Vice President, Global Open Source Program Lead

Building on the launch of our Open Source Program Office (OSPO) and the firm's statement on supporting the Open Source Security Foundation (OpenSSF), Goldman Sachs participated in the Open Source Software Security Summit II on May 12-13 in Washington, D.C. The Summit, convened by OpenSSF and the Linux Foundation, took place on the one-year anniversary of the White House Executive Order on Cybersecurity and was organized to further coordinate public and private sector efforts to support the directives of that order. Specifically, the Summit brought together security executives from technology companies, government, and open source communities to announce and discuss the Open Source Software Security Mobilization Plan. The plan outlines 3 distinct goals and 10 work streams for achieving those goals:

  1. Securing Open Source Software (OSS) Production: Focus on preventing security defects and vulnerabilities in code and open source packages.
  2. Improving Vulnerability Discovery and Remediation: Improve the process for finding defects and fixing them.
  3. Shorten Ecosystem Patching Response Time: Shorten the response time for distributing and implementing fixes.

The Summit provided an opportunity to engage directly with peers from Atlassian, Cisco, GitHub, Google, Intel, and Microsoft, as well as with other financial industry participants including Citi, Fidelity, JP Morgan Chase, and Morgan Stanley, to collaborate on priorities. As both a contributor to and an end user of open source software, Goldman Sachs is committed to collaborating on these collective efforts to improve and strengthen the OSS ecosystem. We will continue to work with peers on the work streams and identify ways to address supply chain security challenges.
